Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information in compliance with GDPR.

Last updated: November 2024

Summary: We collect only the information necessary to help you recover from scams. We never sell your data. You have full control over your information.

1. Data Controller

The data controller responsible for your personal data is:

European Scam Recovery Network
Friedrichstraße 123
10117 Berlin, Germany
Email: privacy@esrn.eu

2. What Data We Collect

Information You Provide

  • Contact information: Name, email address, phone number
  • Case details: Description of the scam, financial information, evidence and documentation
  • Account information: Login credentials for our client portal
  • Communication: Messages and correspondence with our team

Information Collected Automatically

  • Technical data: IP address, browser type, device information
  • Usage data: Pages visited, time spent, navigation paths
  • Cookies: See our Cookie Policy for details

3. How We Use Your Data

We use your personal data for the following purposes:

  • Processing and managing your case
  • Communicating with you about your case status
  • Coordinating with banks, law enforcement, and partners
  • Improving our services and website
  • Sending important updates (with your consent)
  • Complying with legal obligations

4. Legal Basis for Processing

We process your data based on:

  • Contract: To provide our recovery services to you
  • Consent: For marketing communications and non-essential cookies
  • Legitimate interest: To improve our services and prevent fraud
  • Legal obligation: To comply with applicable laws

5. Data Sharing

We may share your data with:

  • Partner banks: To process recovery claims
  • Law enforcement: When filing reports on your behalf
  • Legal partners: When legal action is required
  • Service providers: Who help us operate our services (under strict contracts)

We never sell your personal data to third parties.

6. International Transfers

Your data may be transferred outside the EEA when working with international partners. We ensure appropriate safeguards through:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Binding corporate rules where applicable

7. Data Retention

We retain your data for:

  • Active cases: Duration of the case plus 7 years
  • Closed cases: 7 years from closure (legal requirement)
  • Marketing contacts: Until you unsubscribe
  • Website analytics: 26 months

8. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing activities
  • Withdraw consent: At any time, without affecting prior processing

To exercise these rights, contact us at privacy@esrn.eu

9. Data Security

We protect your data through:

  • SSL/TLS encryption for all data transmission
  • Encrypted storage for sensitive information
  • Access controls and authentication
  • Regular security audits
  • Staff training on data protection

10. Contact & Complaints

For privacy-related inquiries:

Email: privacy@esrn.eu
Post: Data Protection Officer, ESRN, Friedrichstraße 123, 10117 Berlin

You have the right to lodge a complaint with a supervisory authority. In Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.